Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_unix.c | 2 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 6 | ||||
-rw-r--r-- | source3/auth/pass_check.c | 24 |
3 files changed, 26 insertions, 6 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index 69c24b8213..73a4c51b4f 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -96,7 +96,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
 pass = Get_Pwnam(user_info->internal_username.str);
- /** This call assumes a ASCII password, no charset transformation is
+ /** @todo This call assumes a ASCII password, no charset transformation is
 done. We may need to revisit this **/ nt_status = pass_check(pass, pass ? pass->pw_name : user_info->internal_username.str,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index d2748e30d4..643c2e1996 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -554,16 +554,18 @@ void free_server_info(auth_serversupplied_info **server_info)
 BOOL make_server_info_guest(auth_serversupplied_info **server_info) {
- struct passwd *pass = sys_getpwnam(lp_guestaccount());
+ struct passwd *pass = getpwnam_alloc(lp_guestaccount());
 if (pass) { if (!make_server_info_pw(server_info, pass)) {
+ passwd_free(&pass);
 return False; } (*server_info)->guest = True;
+ passwd_free(&pass);
 return True; }
- DEBUG(0,("make_server_info_guest: sys_getpwnam() failed on guest account!\n"));
+ DEBUG(0,("make_server_info_guest: getpwnam_alloc() failed on guest account!\n"));
 return False; }
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index 77839e4bb0..0101e0fe18 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
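Review bot: In make_server_info_guest (auth_util.c), the success path now calls `passwd_free(&pass);` right after `make_server_info_pw(server_info, pass)` has filled in `*server_info`, so the change is only safe if make_server_info_pw copies every passwd field it keeps. That function is not part of this hunk, so this should be confirmed; if it stores pointers into `pass`, the guest server_info would be left holding freed memory. A comment above the call such as `/* make_server_info_pw() copies what it needs; pass is ours to free */` would record the ownership rule for the next reader.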
@@ -589,9 +589,10 @@ match is found and is used to update the encrypted password file
 return NT_STATUS_OK on correct match, appropriate error otherwise ****************************************************************************/
-NTSTATUS pass_check(struct passwd *pass, char *user, char *password,
+NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
 int pwlen, BOOL (*fn) (char *, char *), BOOL run_cracker) {
+ struct passwd *pass;
 pstring pass2; int level = lp_passwordlevel();
@@ -620,15 +621,17 @@ NTSTATUS pass_check(struct passwd *pass, char *user, char *password,
 DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));
-#else /* Not using PAM or Kerebos */
+#else /* Not using PAM */
 DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
- if (!pass) {
+ if (!input_pass) {
 DEBUG(3, ("Couldn't find user %s\n", user)); return NT_STATUS_NO_SUCH_USER; }
+ pass = make_modifyable_passwd(input_pass);
+
 #ifdef HAVE_GETSPNAM { struct spwd *spass;
@@ -662,6 +665,15 @@ NTSTATUS pass_check(struct passwd *pass, char *user, char *password,
 } #endif
+#ifdef HAVE_GETPWANAM
+ {
+ struct passwd_adjunct *pwret;
+ pwret = getpwanam(s);
+ if (pwret && pwret->pwa_passwd)
+ pstrcpy(pass->pw_passwd,pwret->pwa_passwd);
+ }
+#endif
+
 #ifdef OSF1_ENH_SEC { struct pr_passwd *mypasswd;
@@ -698,22 +710,27 @@ NTSTATUS pass_check(struct passwd *pass, char *user, char *password,
 this_salt[2] = 0; #endif
+ /* Copy into global for the convenience of looping code */
 fstrcpy(this_crypted, pass->pw_passwd); if (!*this_crypted) { if (!lp_null_passwords()) { DEBUG(2, ("Disallowing %s with null password\n", this_user));
+ passwd_free(&pass);
 return NT_STATUS_LOGON_FAILURE; } if (!*password) { DEBUG(3, ("Allowing access to %s with null password\n", this_user));
+ passwd_free(&pass);
 return NT_STATUS_OK; } }
+ passwd_free(&pass);
+
 #endif /* defined(WITH_PAM) */ /* try it as it came to us */
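Review bot: The new local `struct passwd *pass;` has no initializer, yet the -736 hunk adds `passwd_free(&pass);` after `#endif /* defined(WITH_PAM) */`, where a WITH_PAM build has never assigned it, so passwd_free receives an indeterminate pointer. In the non-PAM build the copy was already released by the `passwd_free(&pass);` added just before that `#endif` in the -698 hunk, so the later call is a second free unless passwd_free resets the pointer and tolerates NULL, which is not visible here. Declaring `struct passwd *pass = NULL;` and dropping the call in the -736 hunk would make both builds well defined. The body of pass_check continues outside these hunks.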
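Review bot: The result of `pass = make_modifyable_passwd(input_pass);` in the -620 hunk is used without a NULL check, and the blocks that follow write through `pass->pw_passwd`. If the copy can fail, a failed allocation becomes a NULL dereference in the authentication path; `if (!pass) return NT_STATUS_NO_MEMORY;` directly after the call would close that. Any early return between this line and the frees added further down would also leak the copy, which holds the crypted password. The platform-specific blocks are mostly outside the hunks, so they should be checked for such returns.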
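Review bot: `getpwanam(s)` in the new HAVE_GETPWANAM block uses `s`, which is neither a parameter of pass_check nor one of the locals visible in these hunks. Unless it is declared in a part of the function not shown, this will not compile on HAVE_GETPWANAM platforms; `pwret = getpwanam(user);` looks like what was intended. The following `pstrcpy(pass->pw_passwd,pwret->pwa_passwd);` is only bounded correctly if make_modifyable_passwd allocates pw_passwd as a pstring-sized buffer. A comment stating that, e.g. `/* pass->pw_passwd is pstring-sized, see make_modifyable_passwd() */`, would make the assumption checkable.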
@@ -736,6 +753,7 @@ NTSTATUS pass_check(struct passwd *pass, char *user, char *password,
 * need to proceed as we know it hasn't been case modified by the * client */ if (strhasupper(password) && strhaslower(password)) {
+ passwd_free(&pass);
 return nt_status; } |